<?php session_start();
if (isset($_SESSION['lang']))
    require_once "./language_files/respondtoRequest_" . $_SESSION['lang'] . ".php";
else
    require_once "./language_files/respondtoRequest_en.php";

require_once "functions.php";
if (isset($_POST['type'])) {
    $Requesttype = mysql_real_escape_string($_POST['requestType']);
    $id = mysql_real_escape_string($_POST['member_id']);
    $request_id = mysql_real_escape_string($_POST['requestID']);
    $conference_name = mysql_real_escape_string($_POST['confName']);
    $conference_id = mysql_real_escape_string($_POST['confID']);
    $t = mysql_real_escape_string($_POST['type']);
    if ($t == 'Accept') {
        //know which type the user wants to be

        if ($Requesttype == '2') {
            //bring the organizer id from table privileges
            $privileges_id_organizer = mysql_query("SELECT privileges_id from privileges where role = 'organizer'")
                    or die(mysql_error());
            While ($row = mysql_fetch_assoc($privileges_id_organizer)) {
                $privileges_id = $row['privileges_id'];
            }
            //insert this member as an organizer in the conference in table member_privileges
            mysql_query("INSERT INTO member_privileges(member_id, privileges_id, conference_id)
                  VALUES ('$request_id','$privileges_id','$conference_id')")
                    or die(mysql_error());
            //update table member_subscribesto_conference and make that the request has been responded to
            mysql_query("UPDATE member_subscribesto_conference SET approve = 1
                    where member_id = '$request_id' AND conference_id = '$conference_id' AND request_type = '2'") or die(mysql_error());
            //send a message to the requestor to inform him that the request is accepted
            $message = $lang['conf'] . ' ' . $conference_name . ' ' . $lang['text_1'];
            //insert the message in table messages
            mysql_query("INSERT INTO messages (message, subject, date_sent) VALUES ('$message', '$conference_name', NOW())")
                    or die(mysql_error());
            //get the message id which has been sent
            $privileges_id_attendee = mysql_query("SELECT privileges_id from privileges where role = 'attendee'")
                    or die(mysql_error());
            While ($row = mysql_fetch_assoc($privileges_id_attendee)) {
                $privileges_id2 = $row['privileges_id'];
            }
            mysql_query("DELETE FROM  member_privileges where member_id = '$request_id' AND conference_id =
                '$conference_id' AND privileges_id = $privileges_id2") or die(mysql_error());
            $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
            While ($row = mysql_fetch_assoc($message_id)) {
                $mesid = $row['message_id'];
            }
            //insert the message in table member_message_member
            $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id, $conference_id, $mesid)");

            echo '1';
            // header("Location: incomingRequests.php?msg=1");
        }//he wants to become a reviewer
        else if ($Requesttype == '1') {
            //bring the reviewer id from table privileges
            $privileges_id_reviewer = mysql_query("SELECT privileges_id from privileges where role = 'reviewer'")
                    or die(mysql_error());
            While ($row = mysql_fetch_assoc($privileges_id_reviewer)) {
                $privileges_id = $row['privileges_id'];
            }
            //insert this member as a reviewer in the conference in table member_privileges
            mysql_query("INSERT INTO member_privileges(member_id, privileges_id, conference_id)
                  VALUES ('$request_id','$privileges_id','$conference_id')")
                    or die(mysql_error());
            //update table member_subscribesto_conference and make that the request has been responded to
            mysql_query("UPDATE member_subscribesto_conference SET approve = 1
                    where member_id = '$request_id' AND conference_id = '$conference_id' AND request_type = '1'") or die(mysql_error());
            //send a message to the requestor to inform him that the request is accepted
            $message = $lang['conf'] . ' ' . $conference_name . ' ' . $lang['text_2'];
            //insert the message in table messages
            mysql_query("INSERT INTO messages (message, subject, date_sent) VALUES ('$message', '$conference_name', NOW())")
                    or die(mysql_error());
            //get the message id which has been sent
            $privileges_id_attendee = mysql_query("SELECT privileges_id from privileges where role = 'attendee'")
                    or die(mysql_error());
            While ($row = mysql_fetch_assoc($privileges_id_attendee)) {
                $privileges_id2 = $row['privileges_id'];
            }
            mysql_query("DELETE FROM  member_privileges where member_id = '$request_id' AND conference_id =
                '$conference_id' AND privileges_id = $privileges_id2") or die(mysql_error());
            $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
            While ($row = mysql_fetch_assoc($message_id)) {
                $mesid = $row['message_id'];
            }
            //insert the message in table member_message_member
            $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id, $conference_id, $mesid)");

            echo '1';
            //  header("Location: incomingRequests.php?msg=1");
        } else if ($Requesttype == '3') {
            //bring the reviewer id from table privileges
            $privileges_id_reviewer = mysql_query("SELECT privileges_id from privileges where role = 'author'")
                    or die(mysql_error());
            While ($row = mysql_fetch_assoc($privileges_id_reviewer)) {
                $privileges_id = $row['privileges_id'];
            }
            //insert this member as a reviewer in the conference in table member_privileges
            mysql_query("INSERT INTO member_privileges(member_id, privileges_id, conference_id)
                  VALUES ('$request_id','$privileges_id','$conference_id')")
                    or die(mysql_error());
            //update table member_subscribesto_conference and make that the request has been responded to
            mysql_query("UPDATE member_subscribesto_conference SET approve = 1
                    where member_id = '$request_id' AND conference_id = '$conference_id' AND request_type = '3'") or die(mysql_error());
            //send a message to the requestor to inform him that the request is accepted
            $message = $lang['conf'] . ' ' . $conference_name . ' ' . $lang['text_3'];
            //insert the message in table messages
            mysql_query("INSERT INTO messages (message, subject, date_sent) VALUES ('$message', '$conference_name', NOW())")
                    or die(mysql_error());
            //get the message id which has been sent
            $privileges_id_attendee = mysql_query("SELECT privileges_id from privileges where role = 'attendee'")
                    or die(mysql_error());
            While ($row = mysql_fetch_assoc($privileges_id_attendee)) {
                $privileges_id2 = $row['privileges_id'];
            }
            mysql_query("DELETE FROM  member_privileges where member_id = '$request_id' AND conference_id = '$conference_id' AND privileges_id = $privileges_id2") or die(mysql_error());
            $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
            While ($row = mysql_fetch_assoc($message_id)) {
                $mesid = $row['message_id'];
            }
            //insert the message in table member_message_member
            $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id, $conference_id, $mesid)") or die(mysql_error());
            echo '1';
        }
    } else if ($t == "Reject") {
        //update table member_subscribesto_conference and make that the request has been responded to
        mysql_query("UPDATE member_subscribesto_conference SET approve = 0
                where member_id = '$request_id '  AND conference_id = '$conference_id' AND request_type = '$Requesttype'") or die(mysql_error());
        //send a message to the requestor to inform him that the request is rejected

        $message = $lang['conf'] . ' ' . $conference_name . ' ' . $lang['text_4'];
        mysql_query("INSERT INTO messages (message, subject, date_sent) VALUES ('$message', '$conference_name', NOW())") or die(mysql_error());
        //get the message id which has been sent
        $message_id = mysql_query("SELECT * FROM messages WHERE message='$message'");
        While ($row = mysql_fetch_assoc($message_id)) {
            $mesid = $row['message_id'];
        }
        //insert the message in table member_message_member
        $re = mysql_query("INSERT INTO member_message_member (member_id1, member_id2,conference_id, message_id)
                                VALUES ($id, $request_id , $conference_id, $mesid)");


        // header("Location: incomingRequests.php?msg=0");
        echo "1";
    }
}
if (isset($_POST['type2'])) {
    $confid = mysql_real_escape_string($_POST['confID']);
    $request_id = mysql_real_escape_string($_POST['requestID']);
    $request_type = mysql_real_escape_string($_POST['requestType']);
    $member_id = mysql_real_escape_string($_POST['member_id']);
// if the accept button pressed



    if ($_POST['type2'] == "yes1") {
        // excute this method
        $member_id = mysql_real_escape_string($_POST['member_id']);
        $privileges_id_author = mysql_query(" SELECT privileges_id from privileges where role = 'author'");
        $row = mysql_fetch_assoc($privileges_id_author);
        $privileges_id_author = $row ['privileges_id'];
        // returns the privilege ID for a reviewer
        $privileges_id_reviewer = mysql_query(" SELECT privileges_id from privileges where role = 'reviewer'");
        $row = mysql_fetch_assoc($privileges_id_reviewer);
        $privileges_id_reviewer = $row['privileges_id'];

        // returns the privilege ID for an organizer
        $privileges_id_organizer = mysql_query(" SELECT privileges_id from privileges where role = 'organizer'");
        $row = mysql_fetch_assoc($privileges_id_organizer);
        $privileges_id_organizer = $row['privileges_id'];

        // returns the type of the current request, either reviewer or organizer
        $request_type = mysql_real_escape_string($_POST['requestType']);
        //echo $row['type'];

        if ($request_type == 'R') {
            $member_id = mysql_real_escape_string($_POST['member_id']);
            // inserts the current user ID,reviewer privilege ID and conference ID into the member privileges table to update the members privileges with the new privilege
            mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
         VALUES('$member_id', '$privileges_id_reviewer', '$confid')") or die('insertion error in r' . mysql_error());
            // update approve field to true
            //mysql_query("DELETE FROM request WHERE request_id = {$_POST['requestID']}") or die("delete error in r" . mysql_error());
            $rID = mysql_real_escape_string($_POST['requestID']);
            mysql_query("UPDATE member_request_member SET approve =  1
                    WHERE request_id = {$rID} AND type = 'R'") or die(mysql_error());
            echo '1';
        }
        //checks that the current request is an organizer request
        else if ($request_type == 'A') {
            mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
         VALUES('$member_id', '$privileges_id_author', '$confid')") or die('insertion error in a' . mysql_error());
            // update approve field to true
            //mysql_query("DELETE FROM request WHERE request_id = {$request_id}") or die("delete fe author" . mysql_error());
            mysql_query("UPDATE member_request_member SET approve = 1
                    WHERE request_id = {$request_id} AND type = 'A'") or die("dee" . mysql_error());
            echo '1';
            //echo $request_id;
        } else {
            // inserts the current user ID,reviewer privilege ID and conference ID into the member privileges table to update the members privileges with the new privilege
            mysql_query("INSERT INTO member_privileges (member_id, privileges_id, conference_id)
         VALUES('$member_id', '$privileges_id_organizer', '$confid')") or die('insertion error in o' . mysql_error());
            // update approve field to true
            //mysql_query("DELETE FROM request WHERE request_id = {$request_id}") or die(mysql_error());
            $rID = mysql_real_escape_string($_POST['requestID']);
            mysql_query("UPDATE member_request_member SET approve = 1
                    WHERE request_id = {$rID} AND type = 'O'") or die(mysql_error());
                    echo '1';
        }
        //echo 1;
        // *Author: Nour-Allah till line 88
        // print a message confirming the member's membership in the current conference
        /* if ($request_type == 'R') {
          // Select first_name, second_name
          $Name = mysql_query("SELECT first_name, last_name FROM member WHERE member_id = '$member_id' ");
          $row = mysql_fetch_assoc($Name);
          // check if first_name or second_name == NULL
          if ($row['first_name'] == NULL || $row['last_name'] == NULL) {

          // Create a link that redirects to the next page which is submission and sending to it the conference
          //print " <a href='SignUp.php?from=A&member_id={$member_id}&conference_id={$confid}'>Click here</a>";

          header("Location: SignUp.php?from=B&member_id={$member_id}");
          } else {

          }
          // *Author: Nour-Allah till line 119
          } else if ($request_type == 'A') {
          // Select first_name, second_name
          $Name = mysql_query("SELECT first_name, last_name FROM member WHERE member_id = '$member_id' ");
          $row = mysql_fetch_assoc($Name);
          // check if first_name or second_name == NULL
          if ($row['first_name'] == NULL || $row['last_name'] == NULL) {

          // Create a link that redirects to the next page which is submission and sending to it the conference
          //print " <a href='SignUp.php?from=A&member_id={$member_id}&conference_id={$confid}'>Click here</a>";

          header("Location: SignUp.php?from=C&conference_id={$confid}&member_id={$member_id}&request_id={$request_id}&new='1'");
          } else {
          // Create a link that redirects to the next page which is submission and sending to it the conference
          }
          } else {
          // Select first_name, second_name
          $Name = mysql_query("SELECT first_name, last_name FROM member WHERE member_id = '$member_id' ");
          $row = mysql_fetch_assoc($Name);
          // check if first_name or second_name == NULL
          if ($row['first_name'] == NULL || $row['last_name'] == NULL) {

          // Create a link that redirects to the next page which is submission and sending to it the conference

          header("Location: SignUp.php?from=B&member_id={$member_id}");
          }
          } */

        //echo 'you are now a reviewer in the ' ."$conference_title". 'conference';
    }

// if the user rejects
    if ($_POST['type2'] == "no1") {

        // excute this method
        $member_id = mysql_real_escape_string($_POST['member_id']);
        // checks that the current user id is passed in the session
        // returns the type of request send, either reviewer or organizer
        // save type in a variable
        $request_type = mysql_real_escape_string($_POST['requestType']);
        //checks that the request is a reviewing request
        if ($request_type == 'R') {
            // mysql_query("DELETE FROM request WHERE request_id = {$_POST['requestID']}") or die(mysql_error());
            $rID = mysql_real_escape_string($_POST['requestID']);
            mysql_query("UPDATE member_request_member SET approve = 0
                    WHERE request_id = {$rID} AND type = 'R'") or die(mysql_error());
            echo '1';
        }
        //checks that the request is a request for becoming an author
        else if ($request_type == 'A') {
            // update approve field to true
            //mysql_query("DELETE FROM request WHERE request_id = {$_POST['requestID']}") or die(mysql_error());
            mysql_query("UPDATE member_request_member SET approve = 0
                    WHERE request_id = {$_POST['requestID']} AND type = 'A'") or die(mysql_error());
            echo '1';
        }
        //checks that the request is a reviewing request
        else {
            // update approve field to true
            //mysql_query("DELETE FROM request WHERE request_id = {$_POST['requestID']}") or die(mysql_error());
            $rID = mysql_real_escape_string($_POST['requestID']);
            mysql_query("UPDATE member_request_member SET approve = 0
                    WHERE request_id = {$rID} AND type = 'O'") or die(mysql_error());
            echo '1';
        }
        //echo $_POST['requestID'];
    }

// if the user accepts the request ,this method is excuted
}
?>
